From 7e811007e22fd8074200e7f302e14542043718a7 Mon Sep 17 00:00:00 2001
From: naruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 22 Mar 2017 05:54:22 +0000
Subject: merge revision(s) 58040,58041:

	stringio.c: check character code

	* ext/stringio/stringio.c (strio_ungetc): check if the character
	  code is valid in the encoding.  reported by Ahmad Sherif
	  (ahmadsherif) at https://hackerone.com/reports/209593.
	stringio.c: check range

	* ext/stringio/stringio.c (strio_ungetc): raise RangeError instead
	  of TypeError at too big value, as well as IO#ungetc.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58052 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ext/stringio/stringio.c        | 8 +++++---
 test/stringio/test_stringio.rb | 3 +++
 version.h                      | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c
index fb2eddaa7e..1e464bc9d1 100644
--- a/ext/stringio/stringio.c
+++ b/ext/stringio/stringio.c
@@ -767,13 +767,15 @@ strio_ungetc(VALUE self, VALUE c)
 
     check_modifiable(ptr);
     if (NIL_P(c)) return Qnil;
-    if (FIXNUM_P(c)) {
-	int cc = FIX2INT(c);
+    if (RB_INTEGER_TYPE_P(c)) {
+	int len, cc = NUM2INT(c);
 	char buf[16];
 
 	enc = rb_enc_get(ptr->string);
+	len = rb_enc_codelen(cc, enc);
+	if (len <= 0) rb_enc_uint_chr(cc, enc);
 	rb_enc_mbcput(cc, buf, enc);
-	return strio_unget_bytes(ptr, buf, rb_enc_codelen(cc, enc));
+	return strio_unget_bytes(ptr, buf, len);
     }
     else {
 	SafeStringValue(c);
diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb
index d4df7b2617..667fe3ea81 100644
--- a/test/stringio/test_stringio.rb
+++ b/test/stringio/test_stringio.rb
@@ -453,6 +453,9 @@ class TestStringIO < Test::Unit::TestCase
     f.ungetc("y".ord)
     assert_equal("y", f.getc)
     assert_equal("2", f.getc)
+
+    assert_raise(RangeError) {f.ungetc(0x1ffffff)}
+    assert_raise(RangeError) {f.ungetc(0xffffffffffffff)}
   ensure
     f.close unless f.closed?
   end
diff --git a/version.h b/version.h
index c62731790e..36977a1fa8 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.4.1"
 #define RUBY_RELEASE_DATE "2017-03-22"
-#define RUBY_PATCHLEVEL 110
+#define RUBY_PATCHLEVEL 111
 
 #define RUBY_RELEASE_YEAR 2017
 #define RUBY_RELEASE_MONTH 3
-- 
cgit v1.2.3